[Openswan Users] pluto assertion

Paul Wouters paul at xelerance.com
Mon Oct 13 13:59:48 EDT 2008

On Mon, 13 Oct 2008, Brad Johnson wrote:

> Has anyone else seen this? I try to connect using certificates with the 
> responder having a rightid containing wild cards and pluto crashes with 
> the following syslog message:
> Oct 13 10:27:48 PowerLink pluto[1837]: "server" #2: ASSERTION FAILED at 
> kernel.c:2237: c->kind == CK_PERMANENT || c->kind == CK_INSTANCE

That's a bug that needs fixing.....

>     right=
>     rightid="/C=US/ST=MN/O=Astrocom/OU=Engineering/CN=*"

> This works fine if I remove the "right=" from the responder 
> side. So apparently wildcards are illegal in a non-roadwarrior type of 
> configuration?

It's all about wether to instantiate the connection or not. Since
you'respecifying an IP, openswan assumes this connection doesnot
need instantiation, but then the wildcard causses it to think it
is an instance. I guess the easy fix for this is to not allow wildcards
in this case, though the better fix is to allow this but change
the type to CK_PERMANENT.


More information about the Users mailing list